quic_keys (quic v1.3.1)
View SourceQUIC key derivation for packet protection.
This module derives the cryptographic keys used for QUIC packet protection at each encryption level (Initial, Handshake, Application).
Initial Keys
Initial keys are derived from the Destination Connection ID using a fixed salt defined in RFC 9001.
Key Derivation
Keys are derived using HKDF-Expand-Label with the following labels: - "quic key" for the AEAD key - "quic iv" for the AEAD IV/nonce - "quic hp" for header protection key
Summary
Functions
Derive initial client keys from DCID. Returns {Key, IV, HP} for client Initial packets.
Derive initial client keys from DCID with version.
Derive the initial secret from DCID using QUIC v1 salt.
Derive the initial secret from DCID. Version determines which salt to use.
Derive initial server keys from DCID. Returns {Key, IV, HP} for server Initial packets.
Derive initial server keys from DCID with version.
Derive keys from a traffic secret. Returns {Key, IV, HP} for the given secret.
Derive traffic keys (Key, IV, HP) from a traffic secret. Uses AES-128-GCM key sizes (16-byte key, 12-byte IV, 16-byte HP). This is used for Initial and Handshake encryption levels.
Derive updated keys from an updated application secret. This performs the full key update: derives the new secret and then derives keys. Returns {UpdatedSecret, {Key, IV, HP}}.
Derive an updated application secret for key update (RFC 9001 Section 6). The next application secret is computed as: updated_secret = HKDF-Expand-Label(current_secret, "quic ku", "", hash_len) where "quic ku" is the label for key update.
Types
Functions
Derive initial client keys from DCID. Returns {Key, IV, HP} for client Initial packets.
-spec derive_initial_client(binary(), non_neg_integer()) -> keys().
Derive initial client keys from DCID with version.
Derive the initial secret from DCID using QUIC v1 salt.
-spec derive_initial_secret(binary(), non_neg_integer()) -> binary().
Derive the initial secret from DCID. Version determines which salt to use.
Derive initial server keys from DCID. Returns {Key, IV, HP} for server Initial packets.
-spec derive_initial_server(binary(), non_neg_integer()) -> keys().
Derive initial server keys from DCID with version.
Derive keys from a traffic secret. Returns {Key, IV, HP} for the given secret.
Derive traffic keys (Key, IV, HP) from a traffic secret. Uses AES-128-GCM key sizes (16-byte key, 12-byte IV, 16-byte HP). This is used for Initial and Handshake encryption levels.
-spec derive_updated_keys(binary(), aes_128_gcm | aes_256_gcm | chacha20_poly1305) -> {UpdatedSecret :: binary(), keys()}.
Derive updated keys from an updated application secret. This performs the full key update: derives the new secret and then derives keys. Returns {UpdatedSecret, {Key, IV, HP}}.
Derive an updated application secret for key update (RFC 9001 Section 6). The next application secret is computed as: updated_secret = HKDF-Expand-Label(current_secret, "quic ku", "", hash_len) where "quic ku" is the label for key update.